Title: [283600] trunk
- Revision: 283600
- Author: sbar...@apple.com
- Date: 2021-10-05 22:20:07 -0700 (Tue, 05 Oct 2021)
Log Message
Don't pass DontBuildStrings to next token after parsing an empty parameter list
https://bugs.webkit.org/show_bug.cgi?id=225094
<rdar://problem/77231778>
Reviewed by Yusuke Suzuki.
JSTests:
* stress/dont-pass-DontBuildStrings-when-building-empty-arguments-list.js: Added.
(main.a.prototype.g.toString.string_appeared_here):
(main.a):
(main):
Source/JavaScriptCore:
We might need the string, it turns out!
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseArguments):
Diff
Modified: trunk/JSTests/ChangeLog (283599 => 283600)
--- trunk/JSTests/ChangeLog 2021-10-06 03:47:16 UTC (rev 283599)
+++ trunk/JSTests/ChangeLog 2021-10-06 05:20:07 UTC (rev 283600)
@@ -1,3 +1,16 @@
+2021-10-05 Saam Barati <sbar...@apple.com>
+
+ Don't pass DontBuildStrings to next token after parsing an empty parameter list
+ https://bugs.webkit.org/show_bug.cgi?id=225094
+ <rdar://problem/77231778>
+
+ Reviewed by Yusuke Suzuki.
+
+ * stress/dont-pass-DontBuildStrings-when-building-empty-arguments-list.js: Added.
+ (main.a.prototype.g.toString.string_appeared_here):
+ (main.a):
+ (main):
+
2021-10-05 Mark Lam <mark....@apple.com>
CodeBlock should not add/remove LoopHintExecutionCounters.
Added: trunk/JSTests/stress/dont-pass-DontBuildStrings-when-building-empty-arguments-list.js (0 => 283600)
--- trunk/JSTests/stress/dont-pass-DontBuildStrings-when-building-empty-arguments-list.js (rev 0)
+++ trunk/JSTests/stress/dont-pass-DontBuildStrings-when-building-empty-arguments-list.js 2021-10-06 05:20:07 UTC (rev 283600)
@@ -0,0 +1,7 @@
+// This should not crash the parser.
+function main() {
+ class a {
+ g = [].toString()
+ 'a'(){}
+ }
+}
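Review bot: The comment on the first added line says only that this should not crash the parser; it should name the construct being exercised, namely the empty argument list in `[].toString()` followed on the next line by the string-literal method name 'a', which is the token lexed right after the closing parenthesis. Also, main is defined but never called in these lines, so state in the comment that parsing alone reproduces the issue, or add a call to main() if execution is needed.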
Modified: trunk/Source/_javascript_Core/ChangeLog (283599 => 283600)
--- trunk/Source/_javascript_Core/ChangeLog 2021-10-06 03:47:16 UTC (rev 283599)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-10-06 05:20:07 UTC (rev 283600)
@@ -1,3 +1,16 @@
+2021-10-05 Saam Barati <sbar...@apple.com>
+
+ Don't pass DontBuildStrings to next token after parsing an empty parameter list
+ https://bugs.webkit.org/show_bug.cgi?id=225094
+ <rdar://problem/77231778>
+
+ Reviewed by Yusuke Suzuki.
+
+ We might need the string, it turns out!
+
+ * parser/Parser.cpp:
+ (JSC::Parser<LexerType>::parseArguments):
+
2021-10-05 Patrick Angle <pan...@apple.com>
Web Inspector: Show color space for canvases in the Graphics tab on the overview cards
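Review bot: "We might need the string, it turns out!" does not tell a later reader which token needs its string or why skipping it was a problem. Expand the parseArguments entry to say that the token following the ')' of an empty argument list can be one whose string value is used, and that next() therefore must not be given DontBuildStrings at that point.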
Modified: trunk/Source/_javascript_Core/parser/Parser.cpp (283599 => 283600)
--- trunk/Source/_javascript_Core/parser/Parser.cpp 2021-10-06 03:47:16 UTC (rev 283599)
+++ trunk/Source/_javascript_Core/parser/Parser.cpp 2021-10-06 05:20:07 UTC (rev 283600)
@@ -4980,7 +4980,7 @@
consumeOrFailWithFlags(OPENPAREN, TreeBuilder::DontBuildStrings, "Expected opening '(' at start of argument list");
JSTokenLocation location(tokenLocation());
if (match(CLOSEPAREN)) {
- next(TreeBuilder::DontBuildStrings);
+ next();
return context.createArguments();
}
auto argumentsStart = m_token.m_startPosition;
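Review bot: The new bare next() inside the match(CLOSEPAREN) branch has no comment explaining why the flag was dropped, and the flag looks like an optimization someone could put back later. Add a one-line comment there saying the token after ')' may be one whose string is needed (the added stress test puts a string-literal method name in that position). The unchanged consumeOrFailWithFlags(OPENPAREN, TreeBuilder::DontBuildStrings, ...) line above still passes the flag for the token after '('; please confirm that the first token of a non-empty argument list never needs its string built, or note in the ChangeLog why that call is safe.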